Merge pull request #247165 from Jackson-Woods/patch-10

prmerger-automator[bot] · web-flow · commit caf4abc41761 · 2023-08-29T20:05:52.000Z
Max API permissions for MSA apps
diff --git a/articles/active-directory/develop/supported-accounts-validation.md b/articles/active-directory/develop/supported-accounts-validation.md
@@ -38,7 +38,7 @@ See the following table for the validation differences of various properties for
 | Certificates (`keyCredentials`)             | Symmetric signing key     | Symmetric signing key    | Encryption and asymmetric signing key  |
 | Client secrets (`passwordCredentials`)      | No limit\*                | No limit\*               | If liveSDK is enabled: Maximum of two client secrets  |
 | Redirect URIs (`replyURLs`)                 | See [Redirect URI/reply URL restrictions and limitations](reply-url.md) for more info.  |  |   |
-| API permissions (`requiredResourceAccess`)  | No more than 50 APIs (resource apps) from the same tenant as the application, no more than 10 APIs from other tenants, and no more than 400 permissions total across all APIs.   | No more than 50 APIs (resource apps) from the same tenant as the application, no more than 10 APIs from other tenants, and no more than 400 permissions total across all APIs.   | Maximum of 50 resources per application and 30 permissions per resource (for example, Microsoft Graph). Total limit of 200 per application (resources x permissions).   |
+| API permissions (`requiredResourceAccess`)  | No more than 50 total APIs (resource apps), with no more than 10 APIs from other tenants. No more than 400 permissions total across all APIs.  | No more than 50 total APIs (resource apps), with no more than 10 APIs from other tenants. No more than 400 permissions total across all APIs. | No more than 50 total APIs (resource apps), with no more than 10 APIs from other tenants. No more than 200 permissions total across all APIs. Maximum of 30 permissions per resource (for example, Microsoft Graph).   |
 | Scopes defined by this API (`oauth2Permissions`)             | Maximum scope name length of 120 characters <br><br> No limit\* on the number of scopes defined       | Maximum scope name length of 120 characters <br><br> No limit\* on the number of scopes defined    | Maximum scope name length of 40 characters <br><br> Maximum of 100 scopes defined     |
 | Authorized client applications (`preAuthorizedApplications`) | No limit\*  | No limit\*    | Total maximum of 500 <br><br> Maximum of 100 client apps defined <br><br> Maximum of 30 scopes defined per client  |
 | appRoles      | Supported <br> No limit\*   | Supported <br> No limit\* | Not supported |
